<?php

error_reporting(0);
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Pragma: no-cache");
session_start();
include_once '../comm/config.php';

$action = trim($_GET['action']);

if ($action == 'login') {
    include_once '../comm/msgset.php';
    include_once '../comm/checkpostandget.php';
    $name = trim($_GET['user']);
    $pwd = trim($_GET['pwd']);
    $md5pwd = md5($pwd);
    $sj = date("Y-m-d H:i:s");
    if ($name == "" || $name == "网站客服" || $pwd == "") {
        exit;
    }
    $sql = "select `Id`,`dengji`,`jihuo` from " . $BIAOTOU . "user where `ddusername`='$name' and `ddpassword`='$md5pwd'";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query);
    $uid = $row[0];
    $dengji = $row[1];
	$jihuo = $row[2];
    $sql = "update " . $BIAOTOU . "user set ddpassword='" . $md5pwd . "',loginnum=loginnum+1 ,lastlogintime='" . $sj . "' where `ddusername`='" . $name . "'"; //不管是否修改过，都更新密码
    mysql_query($sql);
    if($jihuo==1 || EMAILJIHUO==0){
		$_SESSION["duoduouser"] = $name;
	    $_SESSION["dduserid"] = $uid;
	    $_SESSION["dduserlevel"] = $dengji;
	    setcookie("ddusername", $name, time() + 1000 * 24 * 60 * 60, "/", SURL);
	    setcookie("ddpassword", $md5pwd, time() + 1000 * 24 * 60 * 60, "/", SURL);
	}
}

if ($action == 'quit') {
    $id = $_SESSION["dduserid"];
    $_SESSION["duoduouser"] = NULL;
    $_SESSION["dduserid"] = NULL;
    $_SESSION["dduserlevel"] = NULL;
    setcookie("ddusername", NULL, time() - 42000, '/', SURL);
    setcookie("ddpassword", NULL, time() - 42000, '/', SURL);
}

if ($action == 'getuser') {
    $config = get_phpwind_config();
    $pwd = $config['pwd'];
    if ($pwd != trim($_GET['pwd'])) {
        echo -1;
        exit;
    }
    $sql = "select ddusername, ddpassword,email from " . $BIAOTOU . "user";
    $query = mysql_query($sql);
    while ($row = mysql_fetch_array($query)) {
        echo $row['ddusername']."\t".$row['ddpassword']."\t".$row['email']."\n";
        
    }
    exit;
}

?>
